Threat management

Terms related to security threats, including definitions about anti-virus programs or firewalls and words and phrases about malware, viruses, Trojans and other security attacks.
  • security identifier (SID) - In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.
  • security incident - A security incident is an event that could indicate that an organization's systems or data have been compromised or that security measures put in place to protect them have failed.
  • security information management (SIM) - Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.
  • security policy - A security policy is a document that states in writing how a company plans to protect its physical and information technology (IT) assets.
  • security posture - Security posture refers to an organization's overall cybersecurity strength and how well it can predict, prevent and respond to ever-changing cyberthreats.
  • security theater - Security theater includes any measures taken by a company or security team to create an atmosphere of safety that may only achieve the appearance of heightened security.
  • security token - A security token is a physical or wireless device that provides two-factor authentication (2FA) for users to prove their identity in a login process.
  • Sender Policy Framework (SPF) - Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.
  • SEO poisoning (search poisoning) - SEO poisoning, also known as 'search poisoning,' is a type of malicious advertising (malvertising) in which cybercriminals create malicious websites and then use search engine optimization (SEO) techniques to cause the sites' links to show up prominently in search results, often as ads at the top of the results.
  • session ID - A session ID, also called a session token, is a unique identifier that a web server assigns to a user for the duration of the current session.
  • shadow IT - Shadow IT is hardware or software within an enterprise that is not supported by the organization's central IT department.
  • shadow password file - A shadow password file, also known as /etc/shadow, is a system file in Linux that stores encrypted user passwords and is accessible only to the root user, preventing unauthorized users or malicious actors from breaking into the system.
  • shareware - Shareware is software that is distributed free on a trial basis with the understanding that the user may need or want to pay for it later.
  • shoulder surfing - Shoulder surfing is using direct observation techniques, such as looking over someone's shoulder, to get information.
  • SIGINT (signals intelligence) - SIGINT (signals intelligence) is information gained by the collection and analysis of the electronic signals and communications of a given target.
  • single sign-on (SSO) - Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for example, a username and password -- to access multiple applications.
  • single-factor authentication (SFA) - Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials.
  • smart card - A smart card is a physical card that has an embedded integrated chip that acts as a security token.
  • smart home - A smart home is a residence that uses internet-connected devices to enable the remote monitoring and management of appliances and systems, such as lighting and heating.
  • snooping - Snooping, in a security context, is unauthorized access to another person's or company's data.
  • Snort - Snort is an open source network intrusion detection system (NIDS) created by Sourcefire founder and former CTO Martin Roesch.
  • SOAR (security orchestration, automation and response) - SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance.
  • social engineering penetration testing - Social engineering penetration testing is the practice of deliberately conducting typical social engineering scams on employees to ascertain the organization's level of vulnerability to this type of exploit.
  • spambot - A spambot is an automated system that sends unwanted, unsolicited messages to users, known as spam.
  • spear phishing - Spear phishing is a malicious email spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.
  • SS7 attack - An SS7 attack is a security exploit that takes advantage of a weakness in the design of SS7 (Signaling System 7) to enable data theft, eavesdropping, text interception and location tracking.
  • stack overflow - A stack overflow is a type of buffer overflow error that occurs when a computer program tries to use more memory space in the call stack than has been allocated to that stack.
  • stateful inspection - Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
  • stealth virus - A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.
  • storage security - Storage security is the group of parameters and settings that make storage resources available to authorized users and trusted networks and unavailable to other entities.
  • strong password - A strong password is one that is designed to be hard for a person or program to guess.
  • Structured Threat Information eXpression (STIX) - Structured Threat Information eXpression (STIX) is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a way that can be easily understood by both humans and security technologies.
  • supply chain attack - A supply chain attack is a type of cyber attack that targets organizations by focusing on weaker links in an organization's supply chain.
  • supply chain security - Supply chain security is the part of supply chain management that focuses on the risk management of external suppliers, vendors, logistics and transportation.
  • SYN flood attack - A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.
  • SYN scanning - SYN scanning is a tactic that a malicious hacker can use to determine the state of a communications port without establishing a full connection.
  • threat actor - A threat actor, also called a malicious actor or bad actor, is an entity that is partially or wholly responsible for an incident that affects -- or has the potential to affect -- an organization's security.
  • timing attack - A timing attack is a type of side-channel attack that exploits the amount of time a computer process runs to gain knowledge about or access a system.
  • token - In general, a token is an object that represents something else, such as another object (either physical or virtual), or an abstract concept as, for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.
  • tokenization - Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
  • Tor browser - The Tor (the onion routing) browser is a web browser designed for anonymous web surfing and protection against traffic analysis.
  • TrickBot malware - TrickBot is sophisticated modular malware that started as a banking Trojan but has evolved to support many different types of attacks, including ransomware.
  • Trojan horse - In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious.
  • trusted computing base (TCB) - A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.
  • Trusted Platform Module (TPM) - A Trusted Platform Module (TPM) is a specialized chip on a device designed to secure hardware with cryptographic keys.
  • tunneling or port forwarding - Tunneling or port forwarding is the transmission of data intended for use only within a private -- usually corporate -- network through a public network in such a way that the public network's routing nodes are unaware that the transmission is part of a private network.
  • USB Killer - USB Killer is a device that connects to USB drives and delivers a surge which can damage or destroy unprotected hardware.
  • virtual local area network hopping (VLAN hopping) - Virtual local area network hopping (VLAN hopping) is a method of attacking the network resources of a VLAN by sending packets to a port not usually accessible from an end system.
  • virtual machine escape - A virtual machine escape is an exploit in which an attacker runs code on a VM that lets the operating system (OS) running within it break out and interact directly with the hypervisor.
  • virus (computer virus) - A computer virus is a type of malware that attaches itself to a program or file.
  • virus hoax - A virus hoax is a false warning about a computer virus.
  • virus signature (virus definition) - A virus signature, also known as a 'virus definition,' is a piece of code with a unique binary pattern that identifies a computer virus or family of viruses.
  • vishing (voice or VoIP phishing) - Vishing (voice or VoIP phishing) is a type of cyber attack that uses voice and telephony technologies to trick targeted individuals into revealing sensitive data to unauthorized entities.
  • voice squatting - Voice squatting is an attack vector for voice user interfaces, or VUIs, that exploits homonyms -- words that sound the same, but are spelled differently -- and input errors -- words that are mispronounced.
  • vulnerability assessment - A vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures.
  • vulnerability disclosure - Vulnerability disclosure is the practice of reporting security flaws in computer software or hardware.
  • vulnerability management - Vulnerability management is the process of identifying, assessing, remediating and mitigating security vulnerabilities in software and computer systems.
  • WannaCry ransomware - WannaCry ransomware is a cyber attack that spreads by exploiting vulnerabilities in the Windows operating system.
  • war driving (access point mapping) - War driving, also called access point mapping, is the act of locating and possibly exploiting connections to wireless local area networks (WLANs) while driving around a city or elsewhere.
  • Web bug (Web beacon) - A Web bug, also known as a Web beacon, is a file object (usually a graphic image such as a transparent GIF) that is placed on a Web page or in an e-mail message to monitor user behavior.
  • What are social engineering attacks? - Social engineering is an attack vector that relies heavily on human interaction and often involves psychological manipulation of people into breaking normal security procedures and best practices to gain unauthorized access.
  • What are the top 10 spyware threats? - The top 10 spyware list describes the most common spyware threats behind famous spyware attacks and is frequently identified by leading antispyware tools from vendors like Webroot, Norton and Malwarebytes.
  • What is a block cipher? - A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm.
  • What is a botnet? - A botnet is a collection of internet-connected devices -- including PCs, servers, mobile devices and internet of things (IoT) devices -- infected and controlled by a common type of malware, often unbeknownst to their owners.
  • What is a brute-force attack? - A brute-force attack is a trial-and-error hacking method cybercriminals use to decode login information and encryption keys to gain unauthorized access to systems.
  • What is a buffer overflow? How do these types of attacks work? - A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.
  • What is a certificate authority (CA)? - A certificate authority (CA) is a trusted entity that issues digital certificates to authenticate content sent from web servers.
  • What is a certificate revocation list (CRL) and how is it used? - A certificate revocation list (CRL) is a list of digital certificates that have been revoked by the issuing certificate authority (CA) before their actual or assigned expiration date.
  • What is a computer exploit? - A computer exploit, or exploit, is a program or piece of code developed to take advantage of a vulnerability in a computer or network system.
  • What is a cyber attack? How they work and how to stop them - A cyber attack is any malicious attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage.
  • What is a cyberthreat hunter (cybersecurity threat analyst)? - A cyberthreat hunter, also called a cybersecurity threat analyst, proactively identifies security incidents that might go undetected using automated security tools such as malware detectors and firewalls.
  • What is a denial-of-service attack? - A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to access computer systems, networks, services or other IT resources.
  • What is a disaster recovery plan (DRP)? - A disaster recovery plan (DRP) is a documented, structured approach that describes how an organization can quickly resume operations after an unplanned incident.
  • What is a firewall and why do I need one? - A firewall is a network security device that prevents unauthorized access to a network by inspecting incoming and outgoing traffic using a set of predetermined security rules.
  • What is a hacker? - A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
  • What is a honeypot? How it protects against cyberattacks - A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to help organizations detect, deflect and study hacking attempts to gain unauthorized access to IT.
  • What is a micro VM (micro virtual machine)? - A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.
  • What is a password? - A password is a string of characters used to verify the identity of a user during the authentication process.
  • What is a potentially unwanted program (PUP)? - A potentially unwanted program (PUP) is a program that may be unwanted, despite the possibility that users consented to download it.
  • What is a private cloud? Definition and examples - Private cloud is a type of cloud computing that delivers advantages similar to public cloud, including scalability and self-service, but through a proprietary architecture.
  • What is a private key? - A private key, also known as a secret key, is a variable in cryptography used with an algorithm to encrypt or decrypt data.
  • What is a public key and how does it work? - In cryptography, a public key is a large numerical value that is used to encrypt data.
  • What is a public key certificate? - A public key certificate is a digitally signed document that serves to validate the sender's authorization and name.
  • What is a rootkit? - A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  • What is a security operations center (SOC)? - A security operations center (SOC) is a command center facility in which a team of information technology (IT) professionals with expertise in information security (infosec) monitors, analyzes and protects an organization from cyberattacks.
  • What is a session key? - A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers.
  • What is a stream cipher? - A stream cipher is an encryption method in which data is encrypted one byte at a time.
  • What is a threat intelligence feed? - A threat intelligence feed, also known as a TI feed, is an ongoing stream of data related to potential or current threats to an organization's security.
  • What is a watering hole attack? - A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.
  • What is a web application firewall (WAF)? WAF explained - A web application firewall (WAF) is a firewall that is meant to protect web applications against common web-based threats.
  • What is a whaling attack (whaling phishing)? - A whaling attack, also known as 'whaling phishing' or a 'whaling phishing attack,' is a specific type of phishing attack that targets high-profile employees, such as the chief executive officer (CEO) or chief financial officer, to steal sensitive information from a company.
  • What is AI red teaming? - AI red teaming is the practice of simulating attack scenarios on an artificial intelligence application to pinpoint weaknesses and plan preventative measures.
  • What is an attack vector? - An attack vector is a path or means by which an attacker or hacker can gain access to a computer or network server to deliver a payload or malicious outcome.
  • What is an executable file (EXE file)? - An executable file (EXE file) is a computer file that contains an encoded sequence of instructions the system executes when the user clicks the file icon.
  • What is an initialization vector? - An initialization vector (IV) is an arbitrary number that can be used with a secret key for data encryption to foil cyber attacks.
  • What is an intrusion detection system (IDS)? - An intrusion detection system monitors (IDS) network traffic for suspicious activity and sends alerts when such activity is discovered.
  • What is antimalware? - Antimalware is a software program created to protect IT systems and individual computers from malicious software, or malware.
  • What is application allowlisting? - Application allowlisting, previously known as 'application whitelisting,' is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
  • What is authentication, authorization and accounting (AAA)? - Authentication, authorization and accounting (AAA) is a security framework for controlling and tracking user access within a computer network.
  • What is biometric verification? - Biometric verification is any means by which a person can be uniquely identified by evaluating one or more distinguishing biological traits.